LINUX-L Archives (LINUX-L@LISTS.UFL.EDU)
Subject: Re: Jordan on /.
From: "John H. Sawyer" <[log in to unmask]>
Reply-To: Platform Independent Linux List! <[log in to unmask]>
Date: Wed, 21 Feb 2007 09:34:59 -0500
Content-Type: text/plain
Parts/Attachments: text/plain (47 lines)

Two blog entries from Matasano Chargen that you'll probably find
interesting are below.

Detecting Virtualized Rootkits
http://www.matasano.com/log/680/detecting-virtualized-rootkits/

Virtualized Hypervisors and The Halting Problem
http://www.matasano.com/log/682/virtualized-hypervisors-and-the-halting-problem/

As for the BIOS, TPM has a lot of potential, although, since
Microsoft is leveraging TPM for BitLocker, it will get a lot of
scrutiny as an attack vector for breaking BitLocker. It shouldn't be
difficult to use TPM to check a BIOS in the same ways that MS does to
verify the integrity of the system/boot files before an encrypted
BitLocker volume is decrypted and allowed to boot. A manufacturer
could encrypt the BIOS, require TPM to verify it and the peripherals,
then allow the machine to continue booting. The manufacturer just
needs to make their checks robust so as not to run into some of the
moronic problems MS did in the beginning with TPM and BitLocker. In
some of the Vista betas (not sure if it made it into the RTM),
BitLocker would not decrypt because the "hardware profile" had
changed due to a freaking BIOS upgrade or simply removing a couple of
USB peripherals that were plugged in when BitLocker was first enabled
and a profile created.

-jhs
--
John H. Sawyer
IT Senior Security Engineer
University of Florida - IT Security Team
352.392.2061 - [log in to unmask] - infosec.ufl.edu

On Feb 20, 2007, at 11:22 PM, Matt wrote:

> It's too bad I am not in Gainesville anymore. It seems like there
> are some good activities going on. Anyway, since we have such
> renowned security expert(s) ;-) on the list I would like to pose a
> question. There has been much talk of lower level rootkits like
> the Blue Pill that subvert the kernel using virtualization and ones
> that hide in the motherboard BIOS or peripheral BIOS. How can one
> be sure that nothing sneaks in the boot phase before control is
> handed to the OS? I have read about secure booting that uses a
> mostly encrypted, custom BIOS to compare hashes of the peripheral
> firmware and HDD boot sectors (e.g., http://www.cs.umd.edu/~waa/
> pubs/oakland97.pdf). I am thinking a TPM would also be a viable
> solution?
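To make the measured-boot idea in this exchange concrete, here is an added example that is not part of the original message and is not Microsoft's, a TPM vendor's, or any real BitLocker code. It simulates TPM 1.2-style PCR extension and sealing of a volume key to a "hardware profile" in Python. The PCR numbering follows the TCG PC Client convention (code measured into even registers, configuration into the neighbouring odd ones); the BIOS images, option ROM blob, USB device lists and the modified boot sector are constructed stand-ins, and `seal_policy`/`can_unseal` are a simplified model of the real sealing operation.

```python
import hashlib

# Simulated TPM 1.2-style Platform Configuration Register (PCR): a 20-byte SHA-1
# value that starts at all zeros and can only be "extended", never written directly.
PCR_SIZE = 20

# PCR assignments as in the TCG PC Client convention (assumed for this example):
PCR_BIOS_CODE = 0        # BIOS / core root of trust for measurement
PCR_PLATFORM_CONFIG = 1  # platform configuration, e.g. which devices are attached
PCR_OPTION_ROM_CODE = 2  # peripheral option ROM code
PCR_IPL_CODE = 4         # initial program loader (MBR / boot sector)


def extend(pcr: bytes, blob: bytes) -> bytes:
    """PCR_new = SHA1(PCR_old || SHA1(blob)). Chaining makes every earlier
    measurement part of the final value, so no component can be swapped
    or reordered without changing the register."""
    return hashlib.sha1(pcr + hashlib.sha1(blob).digest()).digest()


def measure_boot(components):
    """Replay a boot: each (pcr_index, blob) pair is measured into its PCR
    in order. Returns the resulting PCR values."""
    pcrs = {}
    for index, blob in components:
        pcrs[index] = extend(pcrs.get(index, bytes(PCR_SIZE)), blob)
    return pcrs


def seal_policy(pcrs, indices):
    """Composite digest over the selected PCRs: the 'hardware profile' a sealed
    volume key is bound to. Unsealing succeeds only if the live PCRs reproduce it."""
    return hashlib.sha1(b"".join(pcrs[i] for i in sorted(indices))).digest()


def can_unseal(policy, pcrs, indices):
    return seal_policy(pcrs, indices) == policy


# Constructed stand-ins for the firmware and boot blobs a real platform would measure.
BIOS_V1 = b"vendor BIOS 1.00 (constructed)"
BIOS_V2 = b"vendor BIOS 1.01 (constructed)"           # a legitimate BIOS upgrade
OPTION_ROMS = b"NIC PXE ROM + RAID ROM (constructed)"
USB_AT_ENROLL = b"usb:keyboard usb:mouse usb:thumbdrive"
USB_LATER = b"usb:keyboard"                            # mouse and thumbdrive unplugged
MBR_GOOD = b"MBR: bootmgr chain (constructed)"
MBR_MODIFIED = b"MBR: modified boot code (constructed)"  # what a boot-phase rootkit would change


def boot(bios, option_roms, usb_devices, mbr):
    return measure_boot([
        (PCR_BIOS_CODE, bios),
        (PCR_PLATFORM_CONFIG, usb_devices),
        (PCR_OPTION_ROM_CODE, option_roms),
        (PCR_IPL_CODE, mbr),
    ])


# Two ways to choose the profile when the volume is first enrolled.
CODE_ONLY = [PCR_BIOS_CODE, PCR_OPTION_ROM_CODE, PCR_IPL_CODE]
CODE_AND_CONFIG = CODE_ONLY + [PCR_PLATFORM_CONFIG]


def scenarios():
    """Returns {scenario: (unseals under code-only policy, unseals under code+config policy)}."""
    enrolled = boot(BIOS_V1, OPTION_ROMS, USB_AT_ENROLL, MBR_GOOD)
    code_policy = seal_policy(enrolled, CODE_ONLY)
    strict_policy = seal_policy(enrolled, CODE_AND_CONFIG)

    boots = {
        "same machine, same devices": boot(BIOS_V1, OPTION_ROMS, USB_AT_ENROLL, MBR_GOOD),
        "USB devices unplugged": boot(BIOS_V1, OPTION_ROMS, USB_LATER, MBR_GOOD),
        "BIOS upgraded": boot(BIOS_V2, OPTION_ROMS, USB_AT_ENROLL, MBR_GOOD),
        "boot sector modified": boot(BIOS_V1, OPTION_ROMS, USB_AT_ENROLL, MBR_MODIFIED),
    }
    return {
        name: (can_unseal(code_policy, pcrs, CODE_ONLY),
               can_unseal(strict_policy, pcrs, CODE_AND_CONFIG))
        for name, pcrs in boots.items()
    }


if __name__ == "__main__":
    for name, (code_only, strict) in scenarios().items():
        print(f"{name:28s} code-only: {'unseals' if code_only else 'LOCKED'}"
              f"   code+config: {'unseals' if strict else 'LOCKED'}")
```

Run as-is and it prints one line per scenario. The point the thread makes falls out of the policy choice: binding the key to the configuration register (PCR 1) is what makes unplugging a couple of USB devices lock the volume, while binding only to code registers survives that and still refuses to unseal when the boot sector has been altered. A BIOS upgrade changes PCR 0 under either policy, which is correct behaviour, and the mitigation is an explicit re-enrollment (re-seal) step after a firmware update rather than a looser policy.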
